Tony Klein's RD Standard .gsr file - Comments

Discussion in 'Ghost Security Suite (GSS)' started by TopperID, Jan 11, 2006.

Thread Status:
Not open for further replies.
  1. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    582
    Location:
    South Carolina, USA
    tony, i haven't yet installed the new "GSR" file, but i have noticed that when i add active-x killbits, like with spywareblaster, or with other programs that likewise add killbits to the registry, none of that is flagged..

    if spywareblaster can add active-x killbits, then i think that, likewise, a bad active-x control (or whatever they are called) could slip in..

    if it is possible, i would like to have a rule so that regdefend will ask me if i want to allow these active-x controls, or whatever they are called, to be added to the registry..

    wouldn't that be a good idea, or no?
     
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Well, you could create a new rule in the Web Browser Protection group to monitor Create/Modify Key and Set/Delete value for the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility

    ... and then create an override rule in the Spywareblaster group in order to allow it to modify that key.

    It's up to you; in view of what we currently see happening "in the wild", so to speak, this is not a vital "hijack point" at present.
     
  3. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    582
    Location:
    South Carolina, USA
    thanks for the tip on how to create the rule.. that is what i needed..

    update: i created the rule, but it doesn't seem to make any difference when i add or remove "killbits"..
     
    Last edited: May 26, 2006
  4. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Be advised....if this rule is enabled when enabling the items in Spywareblaster there may be some issues whereby Spywareblaster may lock up unless you consider adding an allow rule to the Spywareblaster Group in Tony's .gsr file.

    In any case....Does your rule look similar to this ?
     

    Attached Files:

    Last edited: May 26, 2006
  5. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    582
    Location:
    South Carolina, USA
    thanks, bubba.. :) i will try that.. :)

    update: it is working, now..
     
    Last edited: May 26, 2006
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    You might have already done this also....but if not you could also consider adding that same rule as an Allow to the Spywareblaster Group entry in Tony's .gsr file. That way all others will then give you a warning message.
     

    Attached Files:

    Last edited: May 26, 2006
  7. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    582
    Location:
    South Carolina, USA
    one thing that i noticed is that, with that active-x compatibility rule, if i try to add "killbits" to the registry with a "reg" file, where regedit.exe is used, it is very slow.. without the rule, the process is not slow.. it is not the same, when adding killbits to the registry with third-party programs..

    none of the items are logged when adding killbits to the registry with a "reg" file (where regedit.exe is used).. maybe there is some kind of "loop", or something, in the way that regdefend ties in with regedit.exe..
     
  8. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Nope, that's not possible. Regedit will not behave differently from any other application in that respect.

    I entered the rule exactly according to Bubba's screenshot (don't forget the backslash and wildcard at the end!)

    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Activex compatibility\*

    ... and check those four boxes, making sure 'allow' is checked as well.

    Now enter the following test.reg file:

    That should give you two RD prompts:

     
    Last edited: May 28, 2006
  9. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    582
    Location:
    South Carolina, USA
    thanks, tony.. :) i created the test-reg-file and ran it, and i did get two alerts from regdefend..

    i have an old reg-file from "spywareguide", the last "blocklist" that they put out, and, when i ran it, regdefend didn't throw up any alerts or log anything.. maybe the reason for that was that the regkeys were already in the registry, and, since nothing new was being written, there were no alerts and nothing was logged..
     

    Attached Files:

  10. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Eggzactly! :)
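
The point the thread ends on (a .reg file whose killbits are already in the registry writes nothing new, so nothing is prompted or logged) can be checked before importing a file. This is an added example, not code from the thread or from RegDefend: it parses .reg text for entries under the ActiveX Compatibility key and separates real changes from no-ops. The sample file, the placeholder CLSIDs and the `existing` dict standing in for the live registry are constructed, and the `0x400` kill-bit value of "Compatibility Flags" is standard Internet Explorer behaviour rather than something stated in the thread.

```python
import re

# Key monitored by the rule discussed in the thread (compared case-insensitively).
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KILL_BIT = 0x400  # "Compatibility Flags" bit telling IE not to instantiate the control

# Constructed sample .reg text; the CLSIDs are made-up placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Activex compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000400

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000003}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Unrelated]
"Compatibility Flags"=dword:00000400
'''

def parse_reg(text):
    """Yield (action, clsid, flags) for entries under the ActiveX Compatibility key."""
    clsid = None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(-?)(.+)\]", line)  # key header; "[-...]" deletes the key
        if m:
            delete, key = m.group(1), m.group(2)
            prefix = BASE.lower() + "\\"
            clsid = key[len(prefix):].upper() if key.lower().startswith(prefix) else None
            if clsid and delete:
                yield ("delete-key", clsid, None)
            continue
        m = re.fullmatch(r'"Compatibility Flags"=dword:([0-9a-fA-F]{8})', line)
        if m and clsid:
            yield ("set-value", clsid, int(m.group(1), 16))

def classify(text, existing):
    """Split entries into real changes and no-ops; `existing` maps CLSID -> current flags."""
    changes, noops = [], []
    for action, clsid, flags in parse_reg(text):
        if action == "set-value" and existing.get(clsid) == flags:
            noops.append(clsid)       # value already present: nothing new is written
        elif action == "delete-key" and clsid not in existing:
            noops.append(clsid)       # key is not there: nothing to delete
        else:
            changes.append((action, clsid, bool(flags and flags & KILL_BIT)))
    return changes, noops
```
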
     